EulerOS Virtualization 2.5.3 : cyrus-sasl (EulerOS-SA-2019-1173)

According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt functio...

Google Android Qualcomm Closed Source Component Input Validation Error Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. An input validation error vulnerability exists in the Qualcomm closed source component in Android. An attacker can exploit this vulnerability to write arbitrary memory addresses passed by the use...

Instainsane - Multi-threaded Instagram Brute Forcer

Instainsane is a Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords/min with 100 attemps at once. Legal disclaimer: Usage of InstaInsane for attacking...

openSUSE Security Update : haproxy (openSUSE-2019-824)

This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 -...

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...

Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager

Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caus...

GHSA-8554-JXCW-454Q Webargs mishandles concurrent JSON parsing

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

Insecure Caching

webargs uses insecure caching. Parsed JSON body is stored in a short-lived cache that would cause incorrect JSON payloads to be parsed for concurrent requests due to the cache not being thread-safe...

Design/Logic Flaw

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVE-2019-9710

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

PYSEC-2019-69

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVE-2019-9710

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVE-2019-9710

The CVE-2019-9710 entry refers to webargs before 5.1.3 (used with marshmallow and other products). The vulnerability is a non-thread-safe, short-lived cache used for parsing the JSON body, which could cause incorrect JSON payloads to be parsed under concurrent requests. Affected component: webarg...

vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection

Exploit Title : vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepages : vbulletin.com dragonbyte-tech.com Software Information Link :...

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...

The vulnerability of the elf_link_input_bfd function in the GNU Binutils development environment, related to the handling of zero pointer assignments, allows a hacker to trigger a service failure.

The vulnerability of the elflinkinputbfd function in the GNU Binutils development toolset is related to the use of a null pointer pointer when searching for STTTLS symbols, especially when TLS sections are not present. Exploiting this vulnerability can allow an attacker to cause a service failure...